“…below them, running along the seabed, is a dense array of submarine internet cables that keep the world online.Ī large and relatively nearby earthquake would be a menace of similar scale.
How one volcano could trigger world chaos Tags: academic papers, authentication, cryptanalysis, encryption, side-channel attacks, threat models, vulnerabilities Left out of the statement is that the protocol the researchers analyzed is old because they disclosed the vulnerabilities to Threema, and Threema updated it. “Most assume extensive and unrealistic prerequisites that would have far greater consequences than the respective finding itself.” “While some of the findings presented in the paper may be interesting from a theoretical standpoint, none of them ever had any considerable real-world impact,” the post stated.
It also said the researchers were overselling their findings. In a web post, Threema officials said the vulnerabilities applied to an old protocol that’s no longer in use. The company is performing the usual denials and deflections: The app uses a custom-designed encryption protocol in contravention of established cryptographic norms. It’s among the top Android apps for a fee-based category in Switzerland, Germany, Austria, Canada, and Australia. Threema developers advertise it as a more secure alternative to Meta’s WhatsApp messenger. Threema has more than 10 million users, which include the Swiss government, the Swiss army, German Chancellor Olaf Scholz, and other politicians in that country. We discuss remediations for our attacks and draw three wider lessons for developers of secure protocols. As another, we demonstrate a compression-based side-channel attack that recovers users’ long-term private keys through observation of the size of Threema encrypted back-ups. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between different sub-protocols. We present seven different attacks against the protocol in three different threat models. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. A group of Swiss researchers have published an impressive security analysis of Threema.
0 kommentar(er)
